FireEye vows to expose 'truth' behind modern malware
- — 06 May, 2010 04:38
In his interview with CSO last week, FireEye Chief Security Architect Marc Maiffret lamented what he sees as the inability of security vendors to keep up with the malware innovations made in the pursuit of attacks against the likes of Adobe and Apple.
This week, his company launches a site designed to help companies keep better track of evolving malware architecture and mount a more effective defense.
ModernMalwareExposed.org, created and managed by FireEye, is described on the website as an "interactive, educational" site exposing the state and evolution of modern malware and its business implications. It will include tools, white papers and a blog where Maiffret tracks goings on among other vendors and the threats they are all tracking.
"Modern malware is becoming increasingly sophisticated in terms of what it can do and how it can be used," Maiffret said. "Relying on firewalls, antivirus, IPS and Web gateways will still leave you exposed."
The site also includes a built-in e-book Maiffret wrote called "Modern Malware Exposed" as well as a malware protection assessment companies can take to measure their own risks.
In last week's interview, Maiffret praised Microsoft for bringing its security a long way since the days when he was at eEye uncovering a multitude of Windows zero-day flaws. But he came down hard on Adobe and Apple for repeating many of Microsoft's earlier mistakes. Adobe faces growing criticism for widely exploited flaws in its software while Apple is increasingly the focus of malware writers even though it hasn't seen the level of attacks Microsoft and Adobe have.
"When you look at the industry and the mainstay players, they'll even tell you that their [malware] signature technology doesn't work anymore but that hey, "we have this great behavior-anomaly technology." What they don't tell you, and what the IT community can see, is that with those technologies you are either at one end of the spectrum or the other. If you tune the technology up you may catch a lot of things, but that includes a lot of false positives."
Of course, FireEye isn't the first company to offer such a service. Kaspersky Lab offers, among other things, a site called SecureList, while vendors like WatchGuard release frequent white papers with essentially the same aim.